[tor-commits] [tor/release-0.3.2] Permit kill(pid, 0) in the seccomp2 sandbox.

nickm at torproject.org nickm at torproject.org
Mon Nov 20 18:22:17 UTC 2017


commit 7461cd30676da62324271ddd7b7d347eeff40266
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Nov 16 12:44:47 2017 -0500

    Permit kill(pid, 0) in the seccomp2 sandbox.
    
    We don't want to allow general signals to be sent, but there's no
    problem sending a kill(0) to probe whether a process is there.
    
    Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
    was introduced.
---
 changes/bug24198     |  4 ++++
 src/common/sandbox.c | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/changes/bug24198 b/changes/bug24198
new file mode 100644
index 000000000..679070687
--- /dev/null
+++ b/changes/bug24198
@@ -0,0 +1,4 @@
+  o Minor bugfixes (controller, linux seccomp2 sandbox):
+    - Avoid a crash when attempting to use the seccomp2 sandbox
+      together with the OwningControllerProcess feature.
+      Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..0b862a549 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  (void) filter;
+#ifdef __NR_kill
+  /* Allow killing anything with signal 0 -- it isn't really a kill. */
+  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+       SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
+}
+
 /**
  * Array of function pointers responsible for filtering different syscalls at
  * a parameter level.
@@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = {
     sb_socket,
     sb_setsockopt,
     sb_getsockopt,
-    sb_socketpair
+    sb_socketpair,
+    sb_kill
 };
 
 const char *





More information about the tor-commits mailing list